The accelerated adoption of cloud-based services over the past few years, alongside the rapid expansion of remote work, has greatly increased the cyber attack vector. This has made ransomware a persistent and pervasive threat, requiring a cybersecurity overhaul. Agencies are stuck in crisis mode and sprinting to keep up with new and evolving cybersecurity mandates, including the recent Executive Order on Improving the Nation’s Cybersecurity (EO).
Matt Hartman, deputy executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), recently shared that agencies are expected to make “meaningful progress” on implementing zero trust within the next three years. This directive is essential to protecting federal networks against cyberattacks. However, this is a very long time in cyberspace.
Immediate attention is required to stop ransomware attacks. From January to July 31, 2021, the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center saw a 62 percent increase in reports of ransomware. It’s clear that ransomware attacks aren’t going away. Right now, agencies urgently need to identify ways to become more resilient against attacks to keep data, information, and applications secure.
You Can’t Secure What You Can’t See
Hybrid environments, poor cyber hygiene, and network complexities create the perfect hiding space for threats. In a recent report, CISA warned agencies of the rising threat of ransomware, reaching broadly from federal IT to operational technology (OT), the systems that control physical machinery.
The report notes that accessible assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure. “As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network,” CISA says.
IT leaders face a maze of communications between their applications and workloads but don’t have the comprehensive visibility they need to understand how to stop the threat of ransomware and to properly defend their networks. Without an understanding of the connections in your network, it’s hard to know where to start securing it. In other words, you can’t do anything about an enemy you can’t see coming.
For many agencies and commands, mapping communications across applications and workloads will provide a comprehensive view of how a threat might spread. This will also reveal which parts of the environment are most vulnerable to an attack.
Real-time visibility will quickly give agencies the ability to identify applications and workloads that are creating unnecessary security risks, as well as systems that are out of scope for various compliance regulations. These risky, often hidden applications and workloads are cyber blind spots. With actionable insights from intelligent visibility, agencies can quickly reduce risk and focus their security efforts around a clear and intentional plan to bolster security.
Prioritize for Progress
We know unnecessary assets that are not up to date with patches or out of compliance lead to operational risks. This is where adversaries will gravitate. Attackers will also target high value assets (HVA), which are crucial to protect. However, many teams are surprised to learn about unnecessary communications between their applications and workloads. Unsurprisingly, these areas represent some of the largest blind spots for IT leaders. To make matters worse, most IT visibility tools are not designed to capture these workflows.
Teams need to identify their HVAs and understand the risks of each. They can also assign each HVA with a vulnerability score by connection. This will help prioritize where to implement zero trust controls for the most immediate impact.
Agencies should prioritize securing mission-critical applications, data, and workloads first – especially if they present high security risks, including those that are communicating outside of an organization in unclassified environments. These risky ports and non-compliant assets are commonly targeted by ransomware and other widespread cyberattacks.
By blocking unnecessary connections, agencies can accelerate their zero trust architecture strategy and minimize operational risk. This allows teams to dramatically improve their cyber resilience within hours, rather than weeks, by limiting the lateral movement of a cyberattack.
Enforcing Zero Trust
In a highly connected, hybrid environment, zero trust architecture is critical to keeping agencies and commands secure, and visibility is the first step in the process. Then, agencies can take further steps to improve their cyber resilience, such as access restriction and micro-segmentation. With micro-segmentation, security teams lock down segments of the environment to stop the spread of cyberattacks, including ransomware.
In the words of Eric Goldstein, executive assistant director for cybersecurity for CISA, “Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable.” Increased visibility and zero trust strategies can provide agencies with the actionable insights and proactive security controls they need to stop ransomware and keep the mission moving forward.
